Deployed malware aims to steal internal documents from CIS government and diplomatic entities
Daily Archives: April 24, 2023
BrandPost: AT&T Cybersecurity Insights Report
This year’s Annual AT&T Cybersecurity Insights Report focuses on the edge ecosystem, with the core report focusing on connecting and securing the entire edge computing ecosystem. This includes transport infrastructure, endpoints, operating systems, application workloads, and production monitoring/management/mitigation/runtime.
The 2023 AT&T Cybersecurity Insights Report presents a perspective that recognizes the essential characteristics and key differences among edge architectures and provides a realistic picture of the state of edge. The report invites decision makers to think holistically about edge ecosystem strategies by providing insights into:
Paladin Cloud launches new tool for attack surface discovery and management
Open source, cloud security firm Paladin Cloud has launched a new SaaS-based platform for enterprise cloud attack surface discovery and vulnerability management.
Built on Paladin Cloud’s open source core, the platform has a set of security policies implemented in code to serve as an extended policy management tool that integrates into various enterprise systems, providing a comprehensive view of security across multicloud environments.
“Our cloud security platform helps developers and security teams define their cyber asset attack surface, verify that security controls are providing their intended protection, and extend their security posture over multi and hybrid cloud environments,” said Daniel Deeney, co-founder and CEO of Paladin Cloud.
BrandPost: The Relationship Between Security Maturity and Business Enablement
AT&T Cybersecurity and Enterprise Strategy Group (ESG) completed a benchmark survey to better understand what a mature cybersecurity program looks like and how that maturity influences security and business outcomes. Results from the 500 security professionals surveyed on their processes, policies, and controls were mapped into the NIST Cybersecurity Framework’s (CSF) five foundational cybersecurity functions: Identify, Protect, Detect, Respond, and Recover.
To learn more about our findings, read AT&T Cybersecurity and ESG’s benchmark report here.
Hackers behind 3CX breach also breached US critical infrastructure
The hacking group responsible for the supply-chain attack targeting VoIP company 3CX also breached two critical infrastructure organizations in the energy sector and two financial trading organizations using the trojanized X_TRADER application, according to a report by Symantec.
Among the two affected critical infrastructure organizations, one is located in the US while the other is in Europe, Symantec told Bleeping Computer.
IBM offers integrated security management with QRadar release
IBM at the RSA conference today announced the availability of its new QRadar Security Suite, which is designed to help simplify the challenges faced by security teams tasked with managing an ever-growing list of different security tools.
QRadar is a largely AWS-based SaaS system that features four core products that can be managed from the central QRadar console. The first is Log Insights, which the company said is a cloud-native log analytics platform designed with optimized search and rapid analysis on very large datasets.
The second is QRadar EDR (endpoint detection and response) and XDR (extended detection and response), an endpoint management system with AI and behavioral modeling features that allow it to monitor devices from outside the endpoint, making it more difficult to confuse and giving it the ability to quickly correlate alerts from different sources and perform automatic investigations.
Akamai debuts Brand Protector service to combat phishing, online forgery
Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns.
The basic concept of the new service, launched at RSA Conference in San Francisco today, is simple — Akamai, via its large array of global points of presence, monitors vast volumes of traffic, looking for indicators of intellectual property or client resources being misused, like corporate branding or certificates being used from IPs that aren’t associated with that company.
Akamai said that it can use that intelligence to detect brand abuse “often, before an attack campaign launches,” according to its official announcement.
Securing the Edge Ecosystem Global Research released – Complimentary report available
AT&T Cybersecurity is committed to providing thought leadership to help you strategically plan for an evolving cybersecurity landscape. Our 2023 AT&T Cybersecurity Insights™ Report: Edge Ecosystem is now available. It describes the common characteristics of an edge computing environment, the top use cases and security trends, and key recommendations for strategic planning.
This is the 12th edition of our vendor-neutral and forward-looking report. During the last four years, the annual AT&T Cybersecurity Insights Report has focused on edge migration. Past reports have documented how we
interact using edge computing (get the 2020 report)
benefit from edge computing (get the 2021 report)
secure the data, applications, and endpoints that rely on edge computing (get the 2022 report)
This year’s report reveals how the edge ecosystem is maturing along with our guidance on adapting and managing this new era of computing.
Watch the webcast to hear more about our findings.
The robust quantitative field survey reached 1,418 professionals in security, IT, application development, and line of business from around the world. The qualitative research tapped subject matter experts across the cybersecurity industry.
At the onset of our research, we set out to find the following:
Momentum of edge computing in the market.
Collaboration approaches to connecting and securing the edge ecosystem.
Perceived risk and benefit of the common use cases in each industry surveyed.
The results focus on common edge use cases in seven vertical industries – healthcare, retail, finance, manufacturing, energy and utilities, transportation, and U.S. SLED – and deliver actionable advice for securing and connecting an edge ecosystem, including external trusted advisors. Finally, the report examines cybersecurity and the broader edge ecosystem of networking, service providers, and top use cases.
As with any piece of primary research, we found some surprising and some not-so-surprising answers to these three broad questions.
Edge computing has expanded, creating a new ecosystem
Because our survey focused on leaders who are using edge to solve business problems, the research revealed a set of common characteristics that respondents agreed define edge computing.
A distributed model of management, intelligence, and networks.
Applications, workloads, and hosting closer to users and digital assets that are generating or consuming the data, which can be on-premises and/or in the cloud.
Software-defined (which can mean the dominant use of private, public, or hybrid cloud environments; however, this does not rule out on-premises environments).
Understanding these common characteristics is essential as we move to an even further democratized version of computing with an abundance of connected IoT devices that will process and deliver data with velocity, volume, and variety, unlike anything we’ve previously seen.
Business is embracing the value of edge deployments
The primary use case of industries we surveyed evolved from the previous year. This shows that businesses are seeing positive outcomes and continue to invest in new models enabled by edge computing.
| Industry | 2022 Primary Use Case | 2023 Primary Use Case |
| --- | --- | --- |
| Healthcare | Consumer Virtual Care | Tele-emergency Medical Services |
| Manufacturing | Video-based Quality Inspection | Smart Warehousing |
| Retail | Loss Prevention | Real-time Inventory Management |
| Energy and Utilities | Remote Control Operations | Intelligent Grid Management |
| Finance | Concierge Services | Real-time Fraud Protection |
| Transportation | n/a | Fleet Tracking |
| U.S. SLED | Public Safety and Enforcement | Building Management |
A full 57% of survey respondents are in proof of concept, partial, or full implementation phases with their edge computing use cases.
One of the most pleasantly surprising findings is how organizations are investing in security for edge. We asked survey participants how they were allocating their budgets for the primary edge use cases across four areas – strategy and planning, network, security, and applications.
The results show that security is clearly an integral part of edge computing. This balanced investment strategy shows that the much-needed security for ephemeral edge applications is part of the broader plan.
Edge project budgets are notably nearly balanced across four key areas:
Network – 30%
Overall strategy and planning – 23%
Security – 22%
Applications – 22%
A robust partner ecosystem supports edge complexity
Across all industries, external trusted advisors are being called upon as critical extensions of the team. During the edge project planning phase, 64% are using an external partner. During the production phase, that same number increases to 71%. These findings demonstrate that organizations are seeking help because the complexity of edge demands more than a do-it-yourself approach.
A surprise finding comes in the form of the changing attack surface and changing attack sophistication. Our data shows that DDoS (Distributed Denial of Service) attacks are now the top concern (when examining the data in the aggregate vs. by industry). Surprisingly, ransomware dropped to eighth place out of eight in attack type.
The qualitative analysis points to an abundance of organizational spending on ransomware prevention over the past 24 months and enthusiasm for ransomware containment. However, ransomware criminals and their attacks are relentless. Additional qualitative analysis suggests cyber adversaries may be cycling different types of attacks. This is a worthwhile issue to discuss in your organization. What types of attacks concern your team the most?
Building resilience is critical for successful edge integration
Resilience is about adapting quickly to a changing situation. Together, resilience and security address risk, support business needs, and drive operational efficiency at each stage of the journey. As use cases evolve, resilience gains importance, and the competitive advantage that edge applications provide can be fine-tuned. Future evolution will involve more IoT devices, faster connectivity and networks, and holistic security tailored to hybrid environments.
Our research finds that organizations are fortifying and future-proofing their edge architectures and adding cyber resilience as a core pillar. Empirically, our research shows that as the number of edge use cases in production grows, there is a strong need and desire to increase protection for endpoints and data. For example, the use of endpoint detection and response grows by 12% as use cases go from ideation to full implementation.
Maturity in understanding edge use cases and what it takes to protect actively is a journey that every organization will undertake.
Key takeaways
You may not realize you’ve already encountered edge computing – whether it is through a tele-medicine experience, finding available parking places in a public structure, or working in a smart building. Edge is bringing us to a digital-first world, rich with new and exciting possibilities.
By embracing edge computing, you’ll help your organization gain important, and often competitive, business advantages. This report is designed to help you start and further the conversation. Use it to develop a strategic plan that includes these key development areas.
Start developing your edge computing profile. Work with internal line-of-business teams to understand use cases. Include key business partners and vendors to identify initiatives that impact security.
Develop an investment strategy. Bundle security investments with use case development. Evaluate investment allocation. The increased business opportunity of edge use cases should include a security budget.
Align resources with emerging security priorities. Use collaboration to expand expertise and lower resource costs. Consider creating edge computing use case experts who help the security team stay on top of emerging use cases.
Prepare for ongoing, dynamic response. Edge use cases rapidly evolve once they show value. Use cases require high-speed, low-latency networks as network functions and cybersecurity controls converge.
A special thanks to our contributors for their continued guidance on this report
A report of this scope and magnitude comes together through a collaborative effort of leaders in the cybersecurity market.
Akamai
Check Point
Cisco
Ivanti
Palo Alto Networks
SentinelOne
VMware
Thank you to our 2023 AT&T Cybersecurity Insights Report contributors!
To help start or advance the conversation about edge computing in your organization, use the infographic below as a guide.
UK Threatens End-to-End Encryption
In an open letter, seven secure messaging apps—including Signal and WhatsApp—point out that the UK’s Online Safety Bill could destroy end-to-end encryption:
As currently drafted, the Bill could break end-to-end encryption, opening the door to routine, general and indiscriminate surveillance of personal messages of friends, family members, employees, executives, journalists, human rights activists and even politicians themselves, which would fundamentally undermine everyone’s ability to communicate securely.
The Bill provides no explicit protection for encryption, and if implemented as written, could empower OFCOM to try to force the proactive scanning of private messages on end-to-end encrypted communication services – nullifying the purpose of end-to-end encryption as a result and compromising the privacy of all users.
In short, the Bill poses an unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldening hostile governments who may seek to draft copy-cat laws.
Both Signal and WhatsApp have said that they will cease services in the UK rather than compromise the security of their users world-wide.